3.2 Planning Your eDirectory Upgrade

Installing eDirectory on OES provides an excellent opportunity to review your current directory structure to ensure that it meets your organization's needs and growth patterns.

3.2.1 Deciding Whether to Redesign Your Tree

Upgrading to OES provides an excellent opportunity to evaluate whether changes are necessary to better accommodate your current and future needs.

Questions to Ask

  • Type of Tree: Does a traditional tree (pyramid-shaped, single-tree environment) or a specialized tree (a flat tree designed for a specific situation, such as an identity vault or LDAP authentication) make better sense in your environment? Many Novell customers are opting for a flat tree so LDAP can walk the tree more efficiently to find a user object.

  • Physical Network Layout (Location-based and Designed Around WAN Links): Analyze the number of offices, where they are located, how many users are at each site, how sites communicate with each other, whether offices share the same data, and how data is routed among the sites.

  • Organizational Structure (Function-based Design): Is your organization static or dynamic? What growth patterns do you anticipate?

  • Security: How secure does your data need to be? Does some data need enhanced security?

  • Server configuration: What types of servers are on your network? Do they need to interact? Where are they located? What applications and services does each host? Are they managed locally or centrally?

  • User accessibility needs: Which applications and services are needed by which users? Do users need to read data or modify it? Which rights need to flow from the root? How many users need remote access? Where will remote users access data from?

  • Application needs: Which offices use the same applications? How many users are there per application? Are applications installed locally or centrally?

  • Administrative strategies: Do you intend to manage eDirectory centrally or from many dispersed locations?

  • Naming standards for eDirectory objects: What naming standards are in force? Do any of them need to be changed or updated?

  • Scalability and interoperability: How important are these on your network? Are you willing to compromise scalability and/or performance for other worthwhile goals?

  • Speed and efficiency: How important are these on your network? Are you willing to compromise speed and efficiency for other worthwhile goals?

  • Fault tolerance: What steps have you taken to provide fault tolerance? Do additional options need to be implemented?

Deciding Whether to Move Services

If you decide to redesign your system, you need to determine whether to keep services in their original tree or move them to a new tree. As part of this process, you probably also want to remove any objects that are no longer being used.

For File and Print, Design around Your WAN

It is important that the WAN configuration is the first and foremost consideration for designing any eDirectory tree that caters primarily to file and print, particularly if your organization includes several remote facilities. In most cases, you should provide a partition for each remote location, even when it is a single-server site.

For example, if you plan to have five OES servers in place that are primarily dedicated to providing eDirectory replica services, all of the Master replicas could be contained on one of these servers along with multiple replicas of the higher levels of the tree. Each remote server should include an R/W replica of its local partition. Make sure you have three writable replicas in place to provide adequate redundancy.
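The replica placement guidance above can be checked against a planning sheet before anything is built in the lab. The following is an added example, not part of the original guide or any Novell/NetIQ tool: it validates a constructed replica plan (all partition, site and server names are hypothetical) for one Master per partition, three writable (Master or R/W) replicas, and a writable replica at each partition's own site.

```python
# Constructed planning data: partition -> (home site, [(server, server site, replica type)]).
# All partition, site and server names are hypothetical.
WRITABLE = {"Master", "R/W"}

PLAN = {
    "O=ACME": ("HQ", [("rep1", "HQ", "Master"), ("rep2", "HQ", "R/W"),
                      ("rep3", "HQ", "R/W")]),
    "OU=Boston.O=ACME": ("Boston", [("rep1", "HQ", "Master"), ("rep2", "HQ", "R/W"),
                                    ("bos1", "Boston", "R/W")]),
    "OU=Denver.O=ACME": ("Denver", [("rep1", "HQ", "Master"), ("den1", "Denver", "R/W"),
                                    ("rep3", "HQ", "R/O")]),
    "OU=Austin.O=ACME": ("Austin", [("rep1", "HQ", "Master"), ("rep2", "HQ", "R/W"),
                                    ("rep3", "HQ", "R/W")]),
}


def check_plan(plan, min_writable=3):
    """Return a sorted list of (partition, problem) for every rule the plan breaks."""
    findings = []
    for partition, (home_site, replicas) in plan.items():
        types = [rtype for _, _, rtype in replicas]
        # A partition has exactly one Master replica.
        masters = types.count("Master")
        if masters != 1:
            findings.append((partition, f"expected 1 Master replica, found {masters}"))
        # Read-only replicas do not count toward write redundancy.
        writable = sum(1 for t in types if t in WRITABLE)
        if writable < min_writable:
            findings.append(
                (partition, f"only {writable} writable replicas, need {min_writable}"))
        # Each location should hold a writable replica of its own partition,
        # so local changes do not depend on the WAN link.
        if not any(site == home_site and t in WRITABLE for _, site, t in replicas):
            findings.append((partition, f"no writable replica on a server at {home_site}"))
    return sorted(findings)


if __name__ == "__main__":
    for partition, problem in check_plan(PLAN):
        print(f"{partition}: {problem}")
```
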

Verify Your Redesign in a Lab First

If you decide to re-engineer your tree, it’s a good idea to create the new tree in a lab to make sure you can work with its structure and that it’s actually going to work the way you want before you put it into production.

3.2.2 Checking eDirectory Health

Problems with eDirectory can derail a rollout very quickly. Make sure there are no significant health issues before you begin the upgrade. Determine whether the prerequisites have been met for introducing OES and eDirectory 8.8 into an existing tree or for transferring eDirectory from NetWare to OES.

What to Check For

NOTE: When you upgrade to eDirectory 8.8, a server health check is conducted by default to ensure that the server is safe for the upgrade.

Whichever option you choose, make sure each of the following is checked:

  • eDirectory Version: Running different versions of NDS or eDirectory on the same version of NetWare can cause synchronization problems. All NDS versions should be at the latest version on their respective operating system platforms. If your version of NDS or eDirectory is outdated, download the latest software patch from Novell Directory Services Patches and Files.

  • Time Synchronization: NDS communication uses time stamps to uniquely identify objects and the object's modification time for synchronization purposes. Time stamps are assigned to each object and property to ensure the correct order for object and property updates. If servers in the tree are not synchronized to the correct local time (or, more importantly, to each other), replica synchronization is not reliable, and severe object corruption and data loss can occur. To avoid these problems, time needs to be in sync across all servers in the network.

  • Server-to-Server Synchronization: NDS servers communicate changes made to objects and partition boundaries. This step verifies that no errors exist when NDS performs synchronization processes.

  • Replica Ring Synchronization: This operation reads the Synchronization Status attribute from the replica object on each server that holds replicas of the partitions. It displays the time of the last successful synchronization to all servers as well as any errors that have occurred since.

  • Synchronization Tolerances: This operation indicates the time periods since a server has synced with inbound and outbound data changes, how much data is outstanding, etc.

  • Background Processes: These processes perform a variety of tasks, including replication of changes and maintenance of system information.

  • External References: This check determines whether a replica containing the object can be located.

  • Stuck Obituaries: These are object delete and move operations that have not completed successfully because mixed versions of DS have been used. Significant overhead is expended by the replica servers in retrying the obituary process constantly without success. Check the Flag States of the obituaries on all servers in the backlink lists for the obituaries.

  • Collision and Unknown Objects: In most cases, these objects can be deleted, but each should be investigated for origin and references first.

  • Replica States: Check the partitions and states of the replicas stored in the server's NDS database files.

  • eDirectory Schema Synchronization: Each NDS server has schema definitions that are used for creating and maintaining objects. Verify that schema synchronization between servers is working correctly.

Health Check Tools To Use

Depending on your preference, you can perform an eDirectory server health check in several ways:

  • Use the health check utilities in eDirectory 8.8: NetIQ eDirectory 8.8 runs a health check by default with every upgrade before the actual package upgrade.

    • OES health checks are run by default before an upgrade operation starts.

    • NetWare health checks happen as part of the installation wizard.

    You can run the diagnostic tools (ndscheck on OES; dscheck on NetWare) to complete a health check at any time.

    For additional information, including command parameters for each operating system, refer to eDirectory Health Checks in the NetIQ eDirectory 8.8 SP8 Installation Guide.

  • Use iMonitor: You can use either of two methods (manual and automated) in iMonitor, a web-based diagnostic tool:

    • Use the Navigator Frame (iMonitor > Navigator > Reports).

    • Use the Assistant Frame (iMonitor > Assistant > Agent Health).

    Even with a large number of servers, this procedure tends to run very quickly (less than 5 minutes for 15-20 servers if all of the servers are healthy). The process is the same for all operating systems.

  • Use TID 10060600: You can view a tutorial or access a text version of the TID at http://support.novell.com/additional/tutorials/index.html

Check Requirements, Prerequisites, and Compatibility

For system requirements and prerequisites, see Installing or Upgrading NetIQ eDirectory on Linux in the NetIQ eDirectory 8.8 SP8 Installation Guide for a complete listing and explanation.

Check Application Compatibility

Check currently installed Novell and third-party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find the current status for Novell products in TID 31714342, What Novell products are supported with NetIQ eDirectory 8.8.

If a product is not supported:

  • Do not install eDirectory 8.8 on the same server as the product.

  • Do not configure the product to search an eDirectory 8.8 server.

As long as these conditions are met, you can still upgrade unaffected servers and services to OES and eDirectory 8.8 and run with a mixed tree until a replacement for the older application is found.

3.2.3 For More Information

For additional eDirectory design information, refer to Designing Your NetIQ eDirectory Network in the NetIQ eDirectory 8.8 SP8 Administration Guide.